May 30 2013 Thursday
Setting up IBM HTTP Server to redirect all traffic to HTTPS when fronting Domino (I guess this is part 3???)
I guess this is somewhat of a series now. Hummm.....
Previous (now) parts:
In (now) part 1, I showed how to install IBM HTTP Server (IHS) with Domino 9 on Windows
In (now) part 2, I showed how to use an existing Domino keyfile SSL certificate on IHS
In this (now) part 3 I will show how to redirect all IHS traffic to SSL when using the Domino 9 built-in IHS server. This is most likely how you want iNotes or Traveler servers set up.....so here goes:
0.5) Make sure you already have SSL working before you do this (aka part 2)
1) Backup the original domino.conf file (under domino/ihs/conf)
2) Edit the domino.conf file on the Domino server
3) Uncomment the line
4) Add the following immediately after the LoadModules section:
5) Restart HTTP on Domino, if no errors you should be in business. If you have any issues uncomment the two "RewriteLog" entries (lines 4 and 5), restart HTTP and see what the log has in it.
6) Open a browser and browse to a URL on the server, it should now be automatically redirected from http to https
Here is a screen grab of my domino.conf after the additions so you get an idea of where to put it:
For the record some of this information was gleaned from IBM Technote 1107738.
Previous (now) parts:
In (now) part 1, I showed how to install IBM HTTP Server (IHS) with Domino 9 on Windows
In (now) part 2, I showed how to use an existing Domino keyfile SSL certificate on IHS
In this (now) part 3 I will show how to redirect all IHS traffic to SSL when using the Domino 9 built-in IHS server. This is most likely how you want iNotes or Traveler servers set up.....so here goes:
0.5) Make sure you already have SSL working before you do this (aka part 2)
1) Backup the original domino.conf file (under domino/ihs/conf)
2) Edit the domino.conf file on the Domino server
3) Uncomment the line
LoadModule rewrite_module modules/mod_rewrite.so
4) Add the following immediately after the LoadModules section:
#-------------
RewriteEngine On
# handy for seeing what's going on when the web server tries to redirect
#RewriteLog "C:/rwlog.txt"
#RewriteLogLevel 1
# if the port's not 443 (ssl)...
RewriteCond %{SERVER_PORT} !^443$
#...redirect it to the same page but make it SSL
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
#-----------------
5) Restart HTTP on Domino, if no errors you should be in business. If you have any issues uncomment the two "RewriteLog" entries (lines 4 and 5), restart HTTP and see what the log has in it.
6) Open a browser and browse to a URL on the server, it should now be automatically redirected from http to https
Here is a screen grab of my domino.conf after the additions so you get an idea of where to put it:
For the record some of this information was gleaned from IBM Technote 1107738.
Discussion for this entry is now closed.
Comments (6)
It is on the list for the developers, but it hasn't been tagged with a version yet. My guess 9.0x, with x > 0
Hi,
1st thx for this helpful post. followed it and it works for me.
Have you tried to continue in this and make client authentication via internet certificate ?
I upgraded to V9 for the support of newer certificate version with version 8.5.3 and older it was working good.
thx again
So when are they going to have it available for Linux? We no longer have Windows server.